
For FullText PDF, please login, if you are a member of IEICE,
or go to Pay Per View on menu list, if you are a nonmember of IEICE.

Improvements on Security Evaluation of AES against Differential Bias Attack
Haruhisa KOSUGE Hidema TANAKA
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E100A
No.11
pp.23982407 Publication Date: 2017/11/01
Online ISSN: 17451337
DOI: 10.1587/transfun.E100.A.2398
Type of Manuscript: PAPER Category: Cryptography and Information Security Keyword: block cipher, sidechannel attack, formal security analysis, leakage model, AES, differential bias attack, key enumeration, rank estimation,
Full Text: PDF(620.4KB) >>Buy this Article
Summary:
In ASIACRYPT2015, a new model for the analysis of block cipher against sidechannel attack and a dedicated attack, differential bias attack, were proposed by Bogdanov et al. The model assumes an adversary who has leaked values whose positions are unknown and randomly chosen from internal states (random leakage model). This paper improves the security analysis on AES under the random leakage model. In the previous method, the adversary requires at least 2^{34} chosen plaintexts; therefore, it is hard to recover a secret key with a small number of data. To consider the security against the adversary given a small number of data, we reestimate complexity. We propose another hypothesistesting method which can minimize the number of required data. The proposed method requires time complexity more than t>2^{60} because of timedata tradeoff, and some attacks are tractable under t≤2^{80}. Therefore, the attack is a threat for the longterm security though it is not for the shortterm security. In addition, we apply key enumeration to the differential bias attack and propose two evaluation methods, informationtheoretic evaluation and experimental one with rank estimation. From the evaluations on AES, we show that the attack is a practical threat for the longterm security.

